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© A plant monitoring and control system is special- 
ized in a plant such as a reactor power plant, which 
is provided with plural process systems (A, B. ...N) 
functionally divided, and is communicable between 
the process systems with broadcast communication. 
Detection signals corresponding to process variables 
of the process systems, detected by the detectors 
(11 A, 11B, ... 11N), are supplied into the transmis- 
sion line (14) by the remote process input-output 
unit (13A, 13B ... 13N). Command signals can be 
also supplied into the line via a input unit (161 A, 
161B ... 161N) and a console controller (162A, 162B 
... 162N) of a corresponding operator console (16A, 
16B ... 16N). A corresponding process controller 
(15A, 15B ... 15N) takes in the detection signals and 
command signals from the line (14) and returns 
calculated control signals into the line. The remote 
process input-output unit (13A, 13B ... 13N) controls 
the corresponding process device (12A, 12B ... 12N) 
by giving the control signals. Each of the process 
controllers incorporates a control backup element 
against control failure of other process controllers, 
then eliminating the multiplex construction of the 
process controller (15A, 15B ... 15N) for a redundant 
system. The console controller (162A, 162B ... 162N) 
controls images on a display unit (163A, 163B ... 
163N) in the corresponding operator console (16A, 
16B ... 16N). A display backup element can also be 



incorporated in the console controllers respectively, 
then simplifying the console construction. 
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© A plant monitoring and control system is special- 
ized in a plant such as a reactor power plant, which 
is provided with plural process systems (A, B, ...N) 
functionally divided, and is communicable between 
the process systems with broadcast communication. 
Detection signals corresponding to process variables 
of the process systems, detected by the detectors 
(11 A, 11B, ... 11N), are supplied into the transmis- 
sion line (14) by the remote process input-output 
unit (13A, 13B ... 13N). Command signals can be 
also supplied into the line via a input unit (161 A, 
161B ... 161N) and a console controller (162A, 162B 
... 162N) of a corresponding operator console (16A, 
16B ... 16N). A corresponding process controller 
(15A, 15B ... 15N) takes in the detection signals and 
command signals from the line (14) and returns 
calculated control signals into the line. The remote 
process input-output unit (13A, 13B ... 13N) controls 
the corresponding process device (12A, 12B ... 12N) 
by giving the control signals. Each of the process 
controllers incorporates a control backup element 
against control failure of other process controllers, 
then eliminating the multiplex construction of the 
process controller (15A, 15B ... 15N) for a redundant 
system. The console controller (162A, 162B ... 162N) 
controls images on a display unit (163A, 163B ... 
163N) in the corresponding operator console (16A, 
16B ... 16N). A display backup element can also be 
incorporated in the console controllers respectively, 
then simplifying the console construction. 
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BACKGROUND OF THE INVENTION 

The present invention relates to a plant moni- 
toring and control system for operation and control 
of an industrial plant such as a power plant, a 
chemical plant or the like, and is particularly con- 
cerned with a plant monitoring and control system 
provided with backup means against failure of in- 
corporated controllers. 

A bigger plant, such as a power plant, has 
usually plural control systems divided according to 
control functions. The plural control systems com- 
pose a function-divided control system to disperse 
risks of a process system shutdown caused by the 
control system failure. 

The function-divided control system has used 
extensively of late a digital control system accord- 
ing to a progress in semiconductor technique and 
communication technique. The digital control sys- 
tem is, for example, provided with a remote pro- 
cess input-output unit, a digital process controller, 
and an operator console at every control system. 
The operator console is provided with a digital 
console controller, input units such as key boards, 
and display units such as CRT's (cathode-ray 
tube). In addition, all of the remote process input- 
output units, the process controllers, and the con- 
sole controllers throughout control systems are 
connected by a transmission line. The digital-type 
controllers including the remote process input-out- 
put units are designed to be able to perform broad- 
cast communication through the transmission line 
with time sharing technique. 

That is, plant process variables (e.g. tempera- 
ture, flow-rate, valve status and so on) are detected 
by detectors, and detection signals corresponding 
to the process variables are transmitted into the 
transmission line for the other controllers by the 
remote process input-output unit. A process con- 
troller takes in, at every assigned time, detection 
signals and command signals of an operator which 
are transmitted through the line, and calculates 
control signals according to a given arithmetic op- 
eration procedure. The calculated control signals 
are then transmitted into the transmission line for 
the other controllers at every assigned time by the 
process controller. A remote process input-output 
unit takes in the control signals at every assigned 
time and outputs the control signals to process 
devices to control the process system. 

On the other hand, a console controller takes 
in, at every assigned time, signals corresponding to 
process status and the operator's command sig- 
nals, and calculates display signals in accordance 
with a given procedure. The calculated display 
signals are visualized on the screen of the display 
units for the operator to monitor the plant process 
state. The console controller also acts as an inter- 



face unit between the input units and the transmis- 
sion line. 

Moreover, in utilizing the above digital control 
system, a multiplex construction as a redundant 

5 system is essential for enhancing a reliability of 
monitoring and control of the process which is 
important for the plant operation. To accomplish 
the multiplex construction, the plural process con- 
trollers, the functions of which are the same for 

w mutual backups, are provided at the every control 
system, and also the plural console controllers of 
an operator console, the functions of which are the 
same for mutual backups, are provided at the ev- 
ery control system. 

is However, in the above-described plant monitor- 

ing and control system, redundant systems in- 
stalled for securing a high reliability become com- 
plicated in construction and larger in system size. 

20 SUMMARY OF THE INVENTION 

Accordingly, it is a primary object of the 
present invention to provide a plant monitoring and 
control system whose redundant systems can be 

25 simplified with a high reliability for the control of a 
plant process. 

It is another object of the present invention to 
provide a plant monitoring and control system, in 
which the redundant systems for at least one of the 

30 process controller and the console controller can 
be simplified in construction. 

It is further object of the present invention to 
provide a plant monitoring and control system 
which is able to remove excessive arithmetic op- 

35 eration task for a certain process controller when 
accomplishing the simplification of the redundant 
systems. 

It is still further object of the present invention 
to provide a plant monitoring and control system 
40 applicable to a reactor power plant, especially, 
without the increased capacity of a incorporated 
memory for storing predetermined data in the con- 
trollers. 

It is still further object of the present invention 
45 to provide a plant monitoring and control system, in 
which operators can designate backed-up console 
controllers at their will. 

These and other objects can be achieved ac- 
cording to the present invention, in one aspect by 
50 providing, a plant monitoring and control system 
comprising a plurality of detectors for detecting 
process variables of plural process systems which 
are functionally divided in a plant; a plurality of 
process devices for controlling the process sys- 
55 terns by control signals; a transmission line for 
transmitting signals for broadcast communication; a 
plurality of elements for supplying detection signals 
from the plural detectors into the transmission line 
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at every assigned time; a plurality of input units, 
usable by operators, provided corresponding to the 
every process system; a plurality of elements for 
supplying command signals from the plural input 

^ units into the transmission line at every assigned 
time; a plurality of elements for controlling the 
process, which take in the detection signals and 

* command signals corresponding to the process 
systems from the transmission line at every as- 
signed time, caluculate the control signals by op- 
eration in accordance with assigned control func- 

* tions for the process systems, and supply the 
control signals into the transmission line at every 
assigned time; a plurality of elements for driving 
the process devices, which take in the control 
signals corresponding to the process systems from 
the transmission line at every assigned time, and 
supply the control signals to the process devices 
respectively; and a control backup element for 
backing up the process control elements, in case 
some of the process control elements get faulty. 

In another aspect according to the present in- 
vention, there is also provided a plant monitoring 
and control system comprising, instead of the 
aforementioned control backup element, a plurality 
of elements for controlling displays, which take in, 
corresponding to the process systems, the detec- 
tion signals and the control signals from the trans- 
mission line as well as the command signals from 
the input unit at every assigned time, and form 
display signals by operation in accordance with the 
assigned display function for the process systems; 
a plurality of display units for displaying each im- 
ages based on the display signals from the display 
control element; and a display backup element for 
backing up the display control elements, in case 
some of the display control elements get faulty. 

In a further aspect according to the present 
invention, there is also provided a plant monitoring 
and control system comprising, the aforementioned 
control backup element and display backup ele- 
ment together. 

Preferably, the control backup element is com- 
posed of plural elements corresponding to the plu- 
ral process control elements respectively. It is also 
preferred that the process control element and the 
control backup element are incorporated in a single 

* process controller, and both of the process control 
element and the control backup element operate 
using time sharing in the process controller. The 

* single control backup element is preferably pro- 
vided with a backup order table in which a backup 
order for other process systems is included, an 
arithmetic operation procedure table in accordance 
with control functions which are assigned to the 
process systems to be backed up, and an element 
for calculating the control signals on the basis of 
data from the backup order table and the arithmetic 



operation procedure table. 

Preferably, the display backup element is com- 
posed of plural elements corresponding to the plu- 
ral display control elements respectively. It is also 
5 preferred that the display control element and the 
display backup element are incorporated in a sin- 
gle controller, and both of the display control ele- 
ment and the display backup element operate us- 
ing time sharing in the controller. Preferably, the 
w controller, the input unit, and the display unit are 
incorporated in an operator console at every pro- 
cess system. 

In the aforementioned systems, at least one of 
a certain process control element and display con- 
75 trol element fails in its predetermined operation, 
including power breakdown, a predetermined con- 
trol backup element (or display backup element) 
will perform the operation of the failed controller 
instead, according to a predetermined backup or- 
20 der. As a result, multiplex constructions as redun- 
dant systems for the process control elements (or 
display control elements) can be avoided, then 
leading to simplification of the redundant systems 
with keeping a high reliability of controls. 
25 It is also preferred that the plural control bac- 

kup elements interchange each other information 
representing task amounts in the corresponding 
self process control elements update and memo- 
rize an order of less task at a certain time interval 
30 on the basis of the interchanged information, and 
back up the faulty process control elements ac- 
cording to the updated order. 

As a result, over-load of arithmetic operation 
for a certain control backup element can be avoid- 
35 ed. 

It is also preferred that the plant is a reactor 
power plant. Further, the plural process control 
elements and the plural control backup elements 
are each grouped according to differences in at- 

40 tribute of the control function assigned to the pro- 
cess control elements, and each of the control 
backup elements acts as a substitute for the faulty 
process control element in the group only. 

The aforementioned systems will be especially 

45 specialized in a bigger plant such as a reactor 
power plant, and lead to the reduced capacity of 
incorporated memories of the process control ele- 
ments. 

It is also preferred that the input unit is pro- 
50 vided with a keyed switch having operator-changed 
ON and OFF positions and supplying signals cor- 
responding the switching positions, and the display 
backup element takes in the signal from the keyed 
switch, judges the switching position of the keyed 
55 switch, and backs up the display control element, 
in case only when the switching position is ON 
position. Further, the input unit is capable of taking 
in passwords from operators, and the display bac- 
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kup element takes the passwords in, and backs up 
other display control element, in case only when 
the passwords coincides with a predetermined one. 

As a result, by using the keyed switch or 
passwords, operators can designate display backup 
elements at their will. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying drawings which are incor- 
porated in and constitute a part of this specifica- 
tion, illustrate embodiments of the invention and, 
together with the description, serve to explain the 
principles of the invention; in which: 

Fig. 1 is a schematic block diagram of a plant 
monitoring and control system according to a 
first preferred embodiment of the present inven- 
tion; 

Fig. 2 is a schematic block diagram of process 
controllers in the first embodiment; 
Fig. 3A is a flowchart representing self process 
control by the process controller; 
Fig. 3B and 3C is flowcharts representing bac- 
kup control by the process controller; 
Fig. 3D shows a functional schematic block dia- 
gram for a data memory and an arithmetic and 
control unit in a process controller; 
Fig. 4 shows a functional schematic block dia- 
gram for a console controller; 
Fig. 5 is a schematic block diagram of a plant 
monitoring and control system according to a 
second preferred embodiment of the present 
invention; and 

Fig. 6 is a schematic block diagram of process 
controllers according to a modified embodiment 
for the present invention. 

DESCRIPTION OF THE PREFERRED EMBODI- 
MENTS 

A first embodiment of the present invention will 
now be described with reference to Fig. 1 to 4. 

Fig.1 depicts a schematic block diagram of a 
plant 9 such as a reactor power plant. The plant 9 
is provided with a plurality of process systems A, 
B...N which are divided according to control sys- 
tems, and a plant monitoring and control system 10 
for individual operating and controling the process 
systems A to N. 

A plant monitoring and control system 10 
shown in Fig. 1 comprises a plurality of detectors 
11 A, 11B...11N for detecting process variables of 
the process systems A, B...N respectively, a plural- 
ity of process devices 12A, 12B...12N for operating 
and controlling the process systems A, B...N re- 
spectively, and a plurality of remote process input- 
output units 13A, 13B...13N connected to the de- 
tectors 11A to 11N and the process devices 12A to 



12N, a transmission line 14 connected to the re- 
mote process input-output units 13A to 13N, a 
plurality of process controllers 15A, 15B...15N con- 
nected to the transmission line 14, and a plurality 

5 of operator consoles 16A, 16B...16N also connect- 
ed to the transmission line 14. 

The detectors 11A to 11N are able to detect 
assigned process variables such as circulating wa- 
ter flow-rate or circulating water temperature, and 

10 generate electric signals corresponding to the pro- 
cess variables, respectively. Each of the process 
devices 12A to 12N acts as an actuator, such as a 
control valve, thus individually being able to adjust 
the assigned process variables of the process sys- 

75 tern A (to N) to a desired value in response to 
control signals from the remote process input-out- 
put unit 13A (to 13N). 

The remote process input-output units 13A to 
13N are provided each at every process system A 

20 (to N), and disposed locally so as to adjust a cable 
length between the units and the detectors 11 A to 
11N and the process devices 12A to 12N as short 
as possible. 

Each of the remote process input-output units 
25 13A to 13N includes at least A/D (analogue to 
digital) converters, D/A (digital to analogue) con- 
verters, amplifiers, on-off status converters and a 
CPU (central processing unit), and functions as an 
interface unit between the transmission line 14 and 
30 the detectors 11 A (to 11N) and the process devices 
12A (to 12N). Consequently, the analogue detection 
signals supplied into the remote process input- 
output unit 13A (to 13N) by the detector 11A (to 
11N) can be converted into digital signals and can 
35 be transmitted into the transmission line 14 at 
every assigned time with the time shared control. 
On the other hand, digital control signals transmit- 
ted from the process controller 15A (to 15N) 
through the transmission line 14 can be taken in by 
40 the designated remote process input-output unit 
13A (to 13N) at every assigned time with the time 
shared control, then converted into analogue sig- 
nals and amplified therein so as to generate driving 
signals (i.e., control signals) for the process device 
45 12A(to12N). 

The transmission line 1 4 is capable of transmit- 
ting digital electric signals for broadcast commu- 
nication thereby. 

As described above, the combination of the 
so remote process input-output units 13A to 13N and 
the transmission line 14 enables broadcast commu- 
nication among them. 

The process controllers 15A to 15N and the 
operator consoles 16A to 16N are provided cor- 
55 respondingly one to one to each of the process 
systems A to N of the plant 9. 

Each of the process controllers 15A to 15N is 
composed as shown in Fig. 2 (in this figure, only 
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three controllers 15A to 15C are shown), namely, 
incorporates therein a data memory 151 A (to 
151N), a communication control unit 152A (to 
152N), and an arithmetic and control unit 153A (to 

• 153N) respectively. The each data memory 151 A 
(to 151N) stores, as look-up tables, a backup order 

4 table 151A-1 (to 151 N-1) in which a backup order 

• can be set, and an arithmetic operation procedure 
table 151A-2 (to 151N-2) corresponding to func- 
tions of the plant process systems A (to N). In this 
case, each of the backup order table 151A-1 to 

J 151 N-1 can store two orders having the first and 
second backups. For example, for the table 151A- 
1, the first order is designated for the process 
system C and the second order is designated for 
the process system B. The backup orders of other 
tables 151B-1 to 151 N-1 are formed on the same 
principle. The arithmetic operation procedure tables 
151A-2 to 151N-2 store each procedure for all the 
process systems A to N respectively. 

The communication control unit 152A (to 152N) 
is provided with a CPU, and is capable of commu- 
nicating data between the arithmetic and control 
unit 153A (to 153N) and the transmission line 14 at 
every assigned time with time shared control. As a 
result, it is possible for the process controllers 15A 
to 15N to perform broadcast communication 
through the transmission line 14. Further, the 
arithmetic and control unit 153A (to 153N) is also 
provided with a CPU, and is designed to perform 
processes shown in Fig. 3A to 3C. so that control 
signals calculated therein can be given to the trans- 
mission line 14 via the communication control unit 
152A (to 152N). 

Referring to the flowcharts in Fig. 3A to 3C, the 
operation of the arithmetic and control units 153A 
to 153N will now be explained. The processes in 
Fig. 3A to 3C are to be performed at every fixed 
interval with timer interrupt method. In this explana- 
tion, for convenience* sake, only three units 153A 
to 153C will be referred to just as shown in Fig. 2. 

In the first Step 400, the arithmetic and control 
unit 153A (to 153C) judges whether the unit 153A 
(to 153C) itself is under self-failure or not. This 
judgement can be performed with a flag in a mem- 
ory incorporated therein. If judged NO (normal) in 
this Step 400, then the unit 153A (to 153C) will 
proceed to Steps 401 to 407. 

In the Step 401, corresponding arithmetic op- 
\ eration procedure for the self process system A (to 

C) is read from the arithmetic operation procedure 
table 151A-2 (to 151C-2). This reading step is 
performed only when the system starts up and 
skipped at the next cycle. In Step 402, a command 
of an operator transmitted through the line 14 are 
taken in, and in Step 403, detecion signals are also 
taken in. Then, in Step 404, arithmetic processing 
according to the procedure taken in Step 401 will 



be performed. As a result, the processing of Step 
404 yields control signals for process variables in 
the self process-system A (to C). The control 
signals, in Step 405, are then supplied into the 
5 transmission line 14 by the communication control 
unit 152A (to 152C). 

Further, in Step 406, the arithmetic and control 
unit 153A (to 153C) will try to check the operating 
conditions of the self controller 15A (to 15C). The 

io operating conditions are set to be, for example, 
internal state of a memory and deviation of a clock 
frequency of a timer. Then in Step 407, based on 
the data checked above, it is judged that the pro- 
cess controllers 15A (to 15C) is in a failed state or 

75 not. If judged NO (not failure) in Step 407, the 
following Steps 408 is skipped. 

On the other hand, if judged YES (failure) in 
Step 407, the processing of Step 408 will consecu- 
tively be followed. In Step 408, the arithmetic and 

20 control unit 153A (to 153C) itself will output a 
failure signal to the other controllers by broadcast 
communication, via the communication control unit 
152A (to 152C), showing that the process controller 
15A (to 15C) for the process system A (to C) has 

25 failed and will abandon its process control from the 
comming assigned time. Consequantly, all the oth- 
er controllers including the remote process input- 
output units can know the failure of the process 
controller 15A (to 15C) and exclude it from the 

30 control system composition. 

On the other hand, the arithmetic and control 
unit 153A (to 153C) will each perform the pro- 
cesses shown in Fig. 3B and 3C in the form of the 
timer interruption. 

35 In the first Step 420 of Fig. 3B, the arithmetic 

and control unit 153A (to 153C) takes in the failure 
signals which might be generated in other control 
unit 153A (to 153C). In the next step 421, the 
taken-in signals are referred to the backup order 

40 table 151A-1 (to 151C-1). Then, in Step 422, based 
on the result of the above reference, it is judged 
that the failure in other control unit 153A (to 153C), 
corresponding to the first backup order, occurred 
or not. 

45 If judged NO (not failure) in Step 422, the 

process will be returned to the main program. But, 
when judged YES (failure) in Step 422, the process 
of Step 423 to 427 will be then followed. In step 
423, corresponding arithmetic operation procedure 

50 for the failed control system is read from the 
arithmetic operation procedure table 151A-2 (to 
151C-2). Then, in Step 424 to 427, the same pro- 
cesses as Step 402 to 405 are performed. 

At another fixed timing, the processes shown in 

55 Fig. 3C, which are almost identical with the ones in 
Fig. 3B, carried out by the arithmetic and control 
unit 153A (to 153C). That is, after processing of 
Steps 430 and 431, the unit 153A (to 153C) judges 
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whether both of the control system in the second 
backup order and the control system having the 
first backup order are failed or not in Steps 432 
and 433. Then, the same processes as the above- 
described Steps 423 to 427 will be followed in Step 
434 to 438. 

According to the aforementioned operation, a 
part of the data memory 151 A (to 151N) and the 
arithmetic and control unit 153A (to 153N) can be 
expressed functionally as in Fig. 3D. That is, the 
part includes a self process control portion 1531 
corresponding to the operation in Fig. 3A, and a 
process backup control portion 1 532 corresponding 
to the operation in Fig. 3B and 3C. 

On the other hand, each of the operator con- 
soles 16A to 16N, as shown in Fig.1, comprises an 
input unit 161 A (to 161N) and a display unit 163A 
(to 163N), and a console controller 162A (to 162N) 
which is electrically connected to the input units 
161 A (to 161N), the display units 163A (to 163N), 
and the transmission line 14. The each input unit 
161 A (to 161 N) is composed of a key board, for 
instance, and necessary commands can be sup- 
plied to this plant monitoring and control system 10 
by an operator with the input unit 161 A (to 161 N). 
The each display unit 163A (to 163N) is composed 
of a CRT (cathode ray tube), for instance, and be 
able to display images according to the display 
signals given by the console controller 162A (to 
162N). In this embodiment, the two sets of an input 
unit 161 A (to 161 N) and a display unit 163A (to 
163N) are installed in parallel to the single console 
controller 162A (to 162N), thus providing restless 
display even when either one of the two display 
units 163A, 163A (to 163N, 163N) might be broken 
down. 

The console controller 162A (to 162N) is com- 
posed of a data memory (not shown), an arithmetic 
and control unit (not shown), and a communication 
control unit (refer to Fig.4), respectively. The each 
data memory stores therein both a backup order 
table and a display operation procedure table in the 
form of look-up tables. The both backup order table 
and display operation procedure table can be re- 
ferred, as the same theory as the process control- 
ler 15A (to 15N), when some of the console con- 
trollers 162A to 162N have failed. The arithmetic 
and control unit includes a CPU and can perform 
the operation of display procedure, correspondingly 
one to one to the control systems, for display of 
process variables. The arithmetic and control unit is 
designed to display various process data in color, 
pattern, and numerical value on the screen of the 
paired display units 163A, 163A...163N, 163N. 

Therefore, each of the console controllers 162A 
to 162N can functionally be expressed in Fig. 4. 
That is, there provided are a self display control 
portion 1621, a display backup control portion 



1622, a operator command control portion 1623, 
and a communication control unit 1624. The self 
display control portion 1621 and the display bac- 
kup control portion 1622 are functionally formed by 

5 the data memory and the arithmetic and control 
unit incorporated therein. The operator command 
control portion 1623 is functionally formed by the 
arithmetic and control unit, and interprets com- 
mands from an operator via the input unit 161 A (to 

10 161N) and transmits interpreted signals to the por- 
tions 1621 and 1622 and the unit 1624. 

Further, the communication control unit 1624 is 
provided with a CPU, and in charge of data ex- 
changes based on the broadcast communication 

75 described above. 

In this embodiment, the remote process input- 
output units 13A to 13N act as means for supplying 
detection signals and also driving the process de- 
vices 12A to 12N. The operator command control 

20 portion 1623 and the communication control unit 
1624 in the console controllers 162A to 162N com- 
pose means for supplying command signals. The 
combination of the self process control portion 
1531 and the communication control unit 152A (to 

25 152N) forms means for controlling the process. In 
the same way, the combination of the process 
backup control portion 1532 and the communica- 
tion control unit 152A (to 152N) forms each control 
backup means. Further, the self display control 

30 portion 1621 and the communication control unit 
1624 in the console controller 162A (to 162N) can 
be combined in forming means for controlling dis- 
plays. Still further, the display backup control por- 
tion 1622 and the communication control unit 1624 

35 in the console controller 162A (to 162N) can be 
combined in forming display backup means. 

Next, the overall operation of this embodiment 
will now be explained. 

Based on the broadcast communication, upon 

40 receipt of command signals of operators provided 
to input units 161 A to 161N and process variable 
detection signals from- the detectors 11A to 11N, 
the process controllers 1 5A to 1 5N compute control 
signals according to an arithmetic operation proce- 

45 dure for themselves. Then, the control signals are 
each provided to the process devices 12A to 12N 
via the remote process input-output units 13A to 
13N using the broadcast communication technique. 
A series of these processes permits the process 

50 devices 12A to 12N to operate so as to meet their 
desired status. 

Under the above normal state, if any one pro- 
cess controller 15A (to 15N) gets faulty, the pro- 
cess controller 15A (to 15N) generates a failure 
55 signal showing abandonment of its control. The 
failure signal is outputted into the transmission line 
14 via a communication control unit 152A (to 152N) 
with the broadcast communication. The failure sig- 
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nal through the transmission line 14 is then taken in 
by the other process controllers 15A to 15N via the 
other communication control units 152A to 152N for 
recognition of the backup order, respectively. Then, 
if the received failure signal is recognised as the 
signal corresponds to the first order, the process 
controller 15A (to 15N) recognising the first backup 
order carries out the processing assigned to the 
failured process controller 15A (to 15N) as a sub- 
stitute as well as its own processing originally 
assigned. 

Further, under operation against failure of the 
first backup order, when another failure signal is 
outputted, one of the remaining non-failed process 
controllers 15A to 15N will operate as a substitute, 
namely, in the case, the process controller 15A (to 
15N) in charge of a substitute can perform the 
procedures about the first and second backup or- 
ders in addition to its own procedure. 

For example, in the case of Fig.2, if the pro- 
cess controller 15A gets faulty, then the arithmetic 
and control unit 153B of the process controller 15B 
standing first in the backup order receives the 
failure signal, reads arithmetic operation procedure 
A from the memory 151B. Then the unit 153B 
carries out the procedure concurrently with its own 
arithmetic operation procedure B, thereby backing 
up the process controller 15A. Moreover, in this 
case, if the process controller 15C gets faulty, the 
arithmetic and control unit 153B of the process 
controller 15B also backs up the process controller 
15C using the time shared operation. 

On the other hand, when at least one of the 
console controllers 162A to 162N gets faulty, other 
console controllers 162A to 162N back up in accor- 
dance with the backup order, in the same way as 
above-mentioned. A display procedure of the faulty 
console controller 162A, for example, is carried out 
by the console controller 162B. 

As described above, multiplexing both the pro- 
cess contorller and the console controller can be 
omitted by incorporating the mutual backup 
mechanism therein. Therefore, the redundant sys- 
tem is simplified with a high reliability. 

By the way, in case a scale of the aforemen- 
tioned display is small, the display procedures cor- 
responding to all the process systems A to N will 
be stored by one console controller 162A, thereby 
backing up others ail. 

Further, the backup order of the process and 
display control in the present inveition is not limited 
to the two orders, the first and second backups, 
and other orders are also applicable. For example, 
one order having only the first backup or three 
orders having the first to third backups is ap- 
plicable in the same way as described above. 

A second embodiment of the present invention 
will now be described with reference to Fig.5. The 



second embodiment is arranged in such a manner 
that the plant monitoring and control system 10 
constructed as above is applied to a BWR (boiling 
water reactor) power plant, as a more practical use. 
5 A BWR atomic power plant 100 shown in Fig. 5 

operates for generation of electric power on a gen- 
erator 112 by leading a steam produced in a reac- 
tor 101 to a steam turbine 111, and rotating the 
steam turbine 111. 
to Rotations of the steam turbine 111 are con- 

trolled by a steam regulating valve 113 and a by- 
pass valve 1 1 4 on a turbine inlet. 

The steam used for rotating the steam turbine 
111 is condensed by a condenser 110, and is 

75 returned to the reactor 101 again by a feed-water 
pump 107 by way of a condensate pump 109 and 
a feed-water heater 1 08. 

An output of the reactor 101 is controlled by 
operating a control rod inserted from a lower por- 

20 tion of the reactor 101 into the reactor 101 by 
means of a control rod driving mechanism 104, or 
otherwise by extracting a part of water in the reac- 
tor 101 by means of a reactor recirculating pump 
105 to adjust the recirculation amount. 

25 The recirculation amount is then controlled by 

controlling a rotational frequency of the reactor 
recirculating pump 105, and thus an inverter 106 
has been employed recently. 

Then, an emergency core cooling pump 102 

30 for cooling down a core in the reactor 101 is 
provided for the unlikely event of abnormity, and a 
multiplicity of sensors 103 are installed for monitor- 
ing and control of the complicated plant process. 
The above-mentioned BWR atomic power plant 

35 100 is provided with the plant monitoring and con- 
trol system 120 which is constructed in the same 
way as the first embodiment is constructed. 

According to Fig. 5, the same elements as 
those according to the first embodiment are given 

40 the same reference numerals and their descriptions 
are omitted or simplified here. 

That is, the remote process input-output units 
13A to 13N are connected to the aforementioned 
process devices and the detectors. As a result, 

45 necessary process variable detection signals are 
inputted into the units 13A to 13N each, and also 
control signals are outputted from the units 13A to 
13N to the process devices each. 

The detection signals inputted to the remote 

so process input-output units 13A to 13N are taken in 
the process controllers 15A to 15N by way of the 
tranmission line 14, and thus a necessary 
arithmetic operation is carried out therein. The pro- 
cess controllers 15A to 15N are separated each 

55 into three groups, for example, coming in a safety 
system corresponding controller system x, a con- 
tinuous controller system y, and a sequence con- 
troller system z from differences in attribute of the 
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arithmetic operation. 

Then, each of the process controllers 15A to 
15N is provided with a backup mechanism which 
backs up mutually among the controllers in the 
same group. The backup mechanism itself has the 
same composition as described in the first embodi- 
ment. 

For example, a function as reactor recirculating 
flow controller is assigned normally to one process 
controller 15D in the continuous controller system 
y. However, should a function as, for example, 
feed-water flow controller which is carried out by 
the other process controller 15E in the same sys- 
tem y be lost, the function as feed-water flow 
controller will be carried out together on the pro- 
cess controller 15D by the backup mechanism. 

Thus, a high reliability of the process control- 
lers 15A to 15N is secured without multiplexing 
these process controllers themselves. That is, the 
whole control system can be simplified. Moreover, 
a fall in plant availability due to a failure of the 
controllers 15A to 15N may be prevented. 

On the other hand, the operator consoles 16A 
to 16N are classified each into a safety system 
operator console group, a reactor system operator 
console group, a turbine generator system operator 
console group, and other auxiliary equipment sys- 
tem operator console group, and carry out a dis- 
play operation assigned as function distribution 
each normally. Moreover, the operator consoles 
16A to 16N are of a configuration and store all 
display operation procedures, and the arithmetic 
operation other than display operation functions 
assigned normally is executable from every oper- 
ator consoles 16A to 16N. 

In this embodiment, each of the input units 
1 61 A to 161 N is provided with a keyed switch 200, 
and the console controllers 162A to 162N are de- 
signed each to read ON-OFF information from the 
keyed switch 200 and switch the display operation 
functions. That is, when the keyed switch 200 is in 
the OFF position by an operator, the console con- 
troller 162A (to 162N) is unable to perform its 
backup control, thus being able to perform only 
normal operations. Therefore, it is possible to as- 
sign the console controllers 162A to 162N backup 
controllers, for example, in accordance with a de- 
gree of calculation load. 

Accordingly if one console controller 162A, for 
example, gets faulty, the display operation as- 
signed to the faulty console controller 162A can 
easily be carried out successively to backup by 
other console controllers 162B (to 162N), in which 
the keyed switch 200 is at the ON position. There- 
fore, a reliability for the display can be enhanced 
without multiplexing the console controllers 162A to 
162N. 

Then, in the above embodiment, inputting 



passwords from the input units 161 A to 161N may 
be substituted for the keyd switch 200. In that 
case, the passwords should be decided corre- 
sponding to the ON-OFF states of the keyed switch 
5 200. 

In regard to a grouping of the process control- 
lers 15A to 15N or the operator consoles 16A to 
16N, the invention is not necessarily limited to the 
second embodiment, and hence these can properly 

10 be grouped in consideration of a procedure of the 
process controllers 15A to 15N or the console 
controllers 162A to 162N. 

Further, with reference to a backup order of the 
process controllers 15A to 15N, it can be coordi- 

15 nated by updating a backup sequence at a pre- 
determined period in the order of light load accord- 
ing to a processing condition of tasks of the pro- 
cess controllers 15A to 15N. 

As shown in Fig. 6, for example, when there 

20 present are four process controllers 25A, 25B, 25C, 
25D including the process control means and the 
control backup means respectively, a processing 
condition of tasks at the current point in time is 
subjected to information interchange at a predeter- 

25 mined period by way of the transmission line 14. 

Now, assuming that the order of light load 
comes in the process controllers 25A t 25B, 25C, 
25D, arithmetic and control units 251 A, 251 B. 
251 C, 251 D of the process controllers 25A to 25D 

30 write a backup order in backup areas in memories 
252A, 252B, 252C, 252D respectively, and thus, for 
example, a backup order 1 is written in the mem- 
ory 252A of the process controller 25A. In this 
case, a backup order 2 is written in the memory 

35 252B, an order 3 in the memory 253C, and an 
order 4 in the memory 253D. In Fig. 6, reference 
characters 253A to 253D represent communication 
controllers. 

In such state, if any of the process controllers 
40 25B to 25D gets faulty, then the process controller 
25A carries out control and arithmetic operation of 
any of the faulty process controllers 25B to 25D 
according to the backup order with self control and 
operation. 

45 Then, the task processing condition should be 

changed from the previous state, and a modifica- 
tion process of the backup order is carried out at a 
predetermined period among the remaining normal 
process controllers, for example, 25A, 25C and 

so 25D. 

Consequently, one of the process controllers 
25A to 25D which is the lightest in load, that is, the 
largest in tolerance, can be driven as a backup unit 
at all times. 

55 Further, it is possible for the present invention 

to adopt only either one of the control backup 
means or the display backup means in the afore- 
mentioned embodiments. 



8 



15 



EP0 472 169 A2 



16 



Still further, it is possible for the present inven- 
tion to adopt a construction in which the process 
controllers and operator consoles are not provided 
correspondingly one to one to each of the process 
systems. 5 

Claims 

1. A plant monitoring and control system com- 
prising: 10 

a plurality of detectors for detecting re- 
spective process variables of plural process 
systems which are functionally divided in a 
plant; 

a plurality of process devices for control- is 
ling the process systems by control signals; 

a transmission line for transmitting signals 
for broadcast communication; 

a plurality of means for supplying detec- 
tion signals from the plural detectors into the 20 
transmission line at every assigned time; 

a plurality of input units, usable by oper- 
ators, provided corresponding to the every pro- 
cess system; 

a plurality of means for supplying com- 25 
mand signals from the plural input units into 
the transmission line at every assigned time; 

a plurality of means for controlling the pro- 
cess, which take in the detection signals and 
command signals corresponding to the pro- 30 
cess systems from the transmission line at 
every assigned time, calculate the control sig- 
nals by operation in accordance with assigned 
control function for the process systems, and 
supply the control signals into the transmission 35 
line at every assigned time; 

a plurality of means for driving the process 
devices, which take in the control signals cor- 
responding to the process systems from the 
transmission line at every assigned time, and 40 
supply the control signals to the process de- 
vices respectively; and 

a control backup means for backing up the 
process control means, in case some of the 
process control means get faulty. 45 

2. A plant monitoring and control system com- 
prising: 

a plurality of detectors for detecting re- 
spective process variables of plural process so 
systems which are functionally divided in a 
plant; 

a plurality of process devices for control- 
ling the process systems by control signals; 

a transmission line for transmitting signals 55 
for broadcast communication; 

a plurality of means for supplying detec- 
tion signals from the plural detectors into the 



transmission line at every assigned time; 

a plurality of input units, usable by oper- 
ators, provided corresponding to the every pro- 
cess system; 

a plurality of means for supplying com- 
mand signals from the plural input units into 
the transmission line at every assigned time; 

a plurality of means for controlling the pro- 
cess, which take in the detection signals and 
command signals corresponding to the pro- 
cess systems from the transmission line at 
every assigned time, calculate the control sig- 
nals by operation in accordance with assigned 
control function for the process systems, and 
supply the control signals into the transmission 
line at every assigned time; 

a plurality of means for driving the process 
devices, which take in the control signals cor- 
responding to the process systems from the 
transmission line at every assigned time, and 
supply the control signals to the process de- 
vices respectively; 

a plurality of means for controlling dis- 
plays, which take in, corresponding to the pro- 
cess systems, the detection signals and the 
control signals from the transmission line as 
well as the command signals from the input 
unit at every assigned time, and form display 
signals by operation in accordance with as- 
signed display function for the process sys- 
tems; 

a plurality of display units for displaying 
each images based on the display signals from 
the display control means: and 

a display backup means for backing up 
the display control means, in case some of the 
display control means get faulty 

3. A plant monitoring and control system com- 
prising: 

a plurality of detectors for detecting re- 
spective process variables of plural process 
systems which are functionally divided in a 
plant; 

a plurality of process devices for control- 
ling the process systems by control signals; 

a transmission line for transmitting signals 
for broadcast communication: 

a plurality of means for supplying detec- 
tion signals from the plural detectors into the 
transmission line at every assigned time; 

a plurality of input units, usable by oper- 
ators, provided corresponding to the every pro- 
cess system; 

a plurality of means for supplying com- 
mand signals from the plural input units into 
the transmission line at every assigned time; 

a plurality of means for controlling the pro- 
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cess, which take in the detection signals and 
command signals corresponding to the pro- 
cess systems from the transmission line at 
every assigned time, calculate the control sig- 
nals by operation in accordance with assigned 5 
control function for the process systems, and 
supply the control signals into the transmission 
line at every assigned time, 

a plurality of means for driving the process 
devices, which take in the control signals cor- 10 
responding to the process systems from the 
transmission line at every assigned time, and 
supply the control signals to the process de- 
vices respectively; 

a control backup means for backing up the 75 
process control means, in case some of the 
process control means get faulty; 

a plurality of means for controlling dis- 
plays, which take in, corresponding to the sys- 
tem equipments, the detection signals and the 20 
control signals from the transmission line as 
well as the command signals from the input 
unit at every assigned time, and form display 
signals by operation in accordance with as- 
signed display function for the process sys- 2s 
terns; 

a plurality of display units for displaying 
each images based on the display signals from 
the display control means; and 

a display backup means for backing up 30 
the display control means, in case some of the 
display control means get faulty. 

A system as claimed in claim 1 or 3, wherein 
the control backup means is composed of plu- 35 
ral control backup means corresponding to the 
plural process control means respectively. 

A system as claimed in claim 4, wherein the 
process control means and the control backup 40 
means are incorporated in a single process 
controller, and both the process control means 
and control backup means operate using time 
sharing in the process controller. 

45 

A system as claimed in claim 4, wherein the 
single control backup means is provided with a 
backup order table in which a backup order for 
other process systems is included, an 
arithmetic operation procedure table in accor- so 
dance with control functions which are as- 
signed to the process systems to be backed 
up, and means for calculating the control sig- 
nals on the basis of data from the backup 
order table and the arithmetic operation proce- 55 
dure table. 

A system as claimed in claim 4, wherein the 



plural control backup means interchange each 
other information representing task amounts in 
the corresponding self process control means, 
updates and memorizes an order of less task 
at a certain time interval on the basis of the 
interchanged information, and backs up the 
faulty process control means according to the 
updated order. 

8. A system as claimed in any of claims 1 to 7, 
wherein the plant is a reactor power plant. 

9. A system as claimed in claim 8, wherein the 
plural process control means and the plural 
control backup means are each grouped ac- 
cording to differences in attribute of the control 
function assigned to the process control 
means, and each of the control backup means 
acts as a substitute for the faulty process con- 
trol means in the group only. 

10. A system as claimed in claim 3, wherein the 
display backup means is composed of plural 
display backup means corresponding to the 
plural display control means respectively. 

11. A system as claimed in claim 10, wherein the 
display control means and the display backup 
means are incorporated in a single controller, 
and both the display control means and dis- 
play backup means operate using time sharing 
in the controller. 

12- A system as claimed in claim 11, wherein the 
controller, the input unit, and the display unit 
are incorporated in an operator console at ev- 
ery process system. 

13. A system as claimed in claim 8, wherein the 
plural display control means and the plural 
display backup means are each grouped ac- 
cording to differences in attribute of the display 
function assigned to the display control means, 
and each of the display backup means acts as 
a substitute for the faulty display control 
means in the group only. 

14. A system as claimed in claim 10, wherein the 
input unit is provided with a keyed switch 
having operator-changed ON and OFF posi- 
tions and supplying signals corresponding the 
switching positions, and the display backup 
means takes in the signal from the keyed 
switch, judges the switching position of the 
keyed switch, and backs up the display control 
means, in case only when the switching posi- 
tion is ON position. 



19 EP 0 472 169 A2 20 



15. A system as claimed in claim 10, wherein the 
input unit is capable of taking in passwords 
from operators, and the display backup means 
takes in the passwords, and backs up other 
• display control means, in case only when the 5 

passwords coincides with a predetermined 
one. 
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